Track merge request approval policy sync state
What does this MR do and why?
We are working on visualising the synchronisation status of merge request approval policies in the policy overview UI (#559273 (closed)).
This MR uses the callbacks introduced by !201777 (merged) to issue sync progress updates from services/workers.
References
Screenshots or screen recordings
How to set up and validate locally
echo "Feature.enable(:security_policies_csp)" | rails c
echo "Feature.enable(:security_policy_sync_propagation_tracking)" | rails c- Navigate to
Admin > Settings > Security and complianceand underCompliance and security policy group, and select a group with an approval policy linked such as:
approval_policy:
- name: CSP any_merge_request
enabled: true
rules:
- type: any_merge_request
branch_type: protected
commits: any
actions:
- type: require_approval
approvals_required: 1
role_approvers:
- owner- Identify the CSP policy configuration's ID:
Security::OrchestrationPolicyConfiguration.for_namespace(
Security::PolicySetting
.for_organization(::Organizations::Organization.default_organization)
.csp_namespace_id)
.pluck(:id)
.first- Subscribe to updates for the configuration as the sync progresses:
subscription {
securityPoliciesSyncUpdated(policyConfigurationId: "gid://gitlab/Security::OrchestrationPolicyConfiguration/$CONFIGURATION_ID") {
projectsProgress
projectsTotal
failedProjects
mergeRequestsProgress
mergeRequestsTotal
}
}MR acceptance checklist
Evaluate this MR against the MR acceptance checklist. It helps you analyze changes to reduce risks in quality, performance, reliability, security, and maintainability.
Related to #528300 (closed)
Edited by Dominic Bauer